authorshadlaws <shad@shadlaws.com>2013-01-25 08:47:29 +0100
committershadlaws <shad@shadlaws.com>2013-01-25 08:47:29 +0100
commit48bd19808c38a8de20cfece1adc1ffe226da3783 (patch)
treed8cdea6ffe7e3862ee38f90082a43e30a7ced0bb /modules/tag
parent4c1dc8457e82bd8960e10416981b5dadfc3aebe4 (diff)
#1956 - Escape LIKE queries (for _ and %).
In MySQL queries, _ and % characters are treated as wildcards (similar to ? and *, respectively). - Added escape_for_like function to MY_Database.php - Added unit test to Database_Test - Corrected the five unescaped instances in the code using this function.
Diffstat (limited to 'modules/tag')
-rw-r--r--modules/tag/controllers/tags.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/modules/tag/controllers/tags.php b/modules/tag/controllers/tags.php
index 77ad7f50..77d45a95 100644
--- a/modules/tag/controllers/tags.php
+++ b/modules/tag/controllers/tags.php
@@ -52,7 +52,7 @@ class Tags_Controller extends Controller {
$limit = Input::instance()->get("limit");
$tag_part = ltrim(end($tag_parts));
$tag_list = ORM::factory("tag")
- ->where("name", "LIKE", "{$tag_part}%")
+ ->where("name", "LIKE", Database::escape_for_like($tag_part) . "%")
->order_by("name", "ASC")
->limit($limit)
->find_all();
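Review bot: The new where() clause on the `+` line depends on an implicit LIKE escape character: no `ESCAPE` clause is emitted, so the result relies on MySQL's default backslash and on the builder not re-escaping that backslash when it quotes the bound value (if the quoting step doubles it, an escaped `_` would reach the server as a literal backslash followed by a wildcard, and the fix would silently not apply). That interaction is worth pinning in the Database_Test case the commit mentions, with a value containing both `_` and `%`. A one-line comment above the call would also help the next reader: `// escape_for_like() neutralises LIKE wildcards (_ and %) in user input; SQL quoting is still done by the builder`. The enclosing method starts and ends outside the hunk.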